I use a lot of JavaScript in my GL sites, very little Java. I think PHP and JavaScript work quite well together. I imagine that most things done it JS can be done in PHP. However when the wheel is already created I see no need to recreate it.

Using javascript to create md5 and sha1 hashes is pretty useful to ensure passwords never get sent in the clear when a user logs into a geeklog site.

All one has to do is generate a "salt" on the server end and send it to the user's web browser when they visit your site. When the user types in the login details on the client end and hits "login," the md5/sha1 hashing javascript takes the password, md5 hashes that password, concatenates the md5 hash with the server-generated salt, then sha1 hashes that and sends that sha1 hash to the server. The server then takes the md5 hash of the password it has in the database, concatenates that md5 hash with the salt that it previously sent to the client, generate a sha1 hash out of that, then compare what it generated to what it received from the client. If that matches, the login is considered valid and no plain text exchange of the password occured. Obviously, this isn't as logging into a site via SSL, but it is decent enough. Also, for "replay protection" (to prevent someone from simply sending the same sniffed sha1 hash to login as a particular user again, geeklog must change the salt it sends to the client after a successful login, or after a small timeout period (something like 2 minutes is good).